Split horizon configuration problem.

Answered Question
Sep 2nd, 2013
User Badges:

Hello,

I have ASR 9000 and some wimax AP. There is problem with communication between client antenas ( hosts behind antenas).

Clients doesnt have problem with communication to Internet.


There are some Access Points - each one with different vlan, to make all clients cpe's work in one subnet I put off vlans on ASR subinterface

and bind all connections to route interface BVI1 - whitch have helper address configured to my dhcp server.


DHCP SERWER ---- (ASR 9k) - subinterfaces g0/1/0/1.10- ---- Wimax AP (vlan 10) - client CPE


                                                  -subinterfaces g0/1/0/1.11- ---- Wimax AP (vlan 11) - client CPE 


                                                  - subinterfaces g0/1/0/1.12- ---- Wimax AP (vlan 12) - client CPE                         





interface GigabitEthernet0/1/0/1.10 l2transport

encapsulation dot1q 10

rewrite ingress tag pop 1 symmetric


interface GigabitEthernet0/1/0/1.11 l2transport

encapsulation dot1q 11

rewrite ingress tag pop 1 symmetric


interface GigabitEthernet0/1/0/1.12 l2transport

encapsulation dot1q 12

rewrite ingress tag pop 1 symmetric




interface BVI1

ipv4 helper-address vrf default 192.168.100.1

ipv4 address x.x.x.x 255.255.252.0    ( 4 subnets, one mask and gateway)



l2vpn

bridge group Wireless

  bridge-domain w-max

   mac

    aging

     time 600

    !

   !

   interface GigabitEthernet0/1/0/1.10

    split-horizon group


interface GigabitEthernet0/1/0/1.11

    split-horizon group


interface GigabitEthernet0/1/0/1.12

    split-horizon group


routed interface BVI1



Strange is that with split-horizon configured cpe get IP address from  dhcp, without split horizon cpe cant connect to dhcp-serwer -strange,

with split-horizon cpe can get IP and has Internet access but cant connect to other cpe's.

Correct Answer by xthuijs about 3 years 11 months ago

AC's in the SAME split horizon group can't talk to each other, so that is correctly working.

If 2 devices in the same subnet want to talk with each other, they will ARP for the other's address, since they are in teh same SHG, that arp is not seen from one host to another.

The gateway does receive the ARP but says, hmm in local subnet, I dont need to respond and this is also not for me anyway. So that is also correct.


What you may need to configure on the gateway intf is (local)proxy arp for the GW to respond to arp requests even if they are in the local subnet and even if they are not for him.

That way all sub to sub or AC to AC traffic will go via the gateway.


regards

xander

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
feableee123 Tue, 09/03/2013 - 01:18
User Badges:

I did some troubleshooting and found some interesting facts about configuration and how make it work - partly.


On all subinterfaces I have also configured mirroring - to log connections. The configuraiton is like below:


interface GigabitEthernet0/1/0/1.10 l2transport

encapsulation dot1q 10

rewrite ingress tag pop 1 symmetric

monitor-session monitor11 direction rx-only


interface GigabitEthernet0/1/0/1.11 l2transport

encapsulation dot1q 11

rewrite ingress tag pop 1 symmetric

monitor-session monitor11 direction rx-only


interface GigabitEthernet0/1/0/1.12 l2transport

encapsulation dot1q 12

rewrite ingress tag pop 1 symmetric

monitor-session monitor11 direction rx-only


I din`t mention it in previous configuration, I thought it has no meaning.

When It is configured - I cant ping or connect any device behind any subinterface ( still can connect Internet), when remove from interface and remove split-horizon - It Works.


Is that a bug? 

Still dont understand why hosts (with split-horizon) cant connect each other via gateway which is root in split horizon topology?

Correct Answer
xthuijs Thu, 09/12/2013 - 12:26
User Badges:
  • Cisco Employee,

AC's in the SAME split horizon group can't talk to each other, so that is correctly working.

If 2 devices in the same subnet want to talk with each other, they will ARP for the other's address, since they are in teh same SHG, that arp is not seen from one host to another.

The gateway does receive the ARP but says, hmm in local subnet, I dont need to respond and this is also not for me anyway. So that is also correct.


What you may need to configure on the gateway intf is (local)proxy arp for the GW to respond to arp requests even if they are in the local subnet and even if they are not for him.

That way all sub to sub or AC to AC traffic will go via the gateway.


regards

xander

feableee123 Thu, 09/12/2013 - 23:46
User Badges:

Thanks Alexander,

So if I understand correctly, only way hosts can talk with each other within one big subnet is:

- remove split-horizon 

- configure proxy-arp


I have also question about "bug" with port monitor feature when split-horizon is not configured:


When removing split-horizon, everything is working unless I configure monitor session on all Subinterfaces. When configured then there is no connection to hosts - strange.  But with split-horizon on and monitor session on everything is working.


Is that correct ?

xthuijs Fri, 09/13/2013 - 05:59
User Badges:
  • Cisco Employee,

that is correct, either no split horizon to allow AC to AC connectivity or with split horizon you would need (local) proxy arp

for the gateway to provide an ARP response from one host to another that normally cant see each other due to SH.


the absence of SHG's and applying port monitor to span traffic should not affect your operation obviously.

I suspect arp punting or flooding being an issue, if this is a problem I would file a TAC case and have it investigated as this should work.


cheers!

xander

Actions

This Discussion